: So... I don't see a path for exploit.
:: Now, if config.inc is in your web root... that's a different problem as
: it has your mysql db connection info it. Also, I think the scripts
: relies on register globals as I see a lot of values being used in SQL
: that aren't defined and don't have any input validation on them... you
: know what that means--but I don't have time right now to dig into this
: further.
now 404:
http://www.aria-security.net/advisory/igloo/doublespeak.txt